ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast

Size: px
Start display at page:

Download "ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast"

Transcription

1 21 ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards and Technology By Peter Mell and Timothy Grance Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, Maryland

2 22 Special Publication The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance

3 23 NIST Special Publication The NIST Definition of Cloud Computing Peter Mell Timothy Grance C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD September 2011 U.S. Department of Commerce Rebecca M. Blank, Acting Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary for Standards and Technology and Director

4 24 Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication pages (September 2011) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. ii

5 25 Acknowledgements The authors Peter Mell and Timothy Grance of the National Institute of Standards and Technology (NIST) would like to thank the many experts in industry and government who contributed their thoughts to the creation and review of this definition. We especially acknowledge Murugiah Souppaya and Lee Badger, also of NIST, and Wayne Jansen of Booz Allen Hamilton, whose advice and technical insight assisted this effort. iii

6 26 1. Introduction 1.1 Authority The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets; but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III. This guideline has been prepared for use by Federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright, though attribution is desired. Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on Federal agencies by the Secretary of Commerce under statutory authority, nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other Federal official. 1.2 Purpose and Scope Cloud computing is an evolving paradigm. The NIST definition characterizes important aspects of cloud computing and is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing. The service and deployment models defined form a simple taxonomy that is not intended to prescribe or constrain any particular method of deployment, service delivery, or business operation. 1.3 Audience The intended audience of this document is system planners, program managers, technologists, and others adopting cloud computing as consumers or providers of cloud services. 2

7 27 2. The NIST Definition of Cloud Computing Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Essential Characteristics: On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations). Resource pooling. The provider s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth. Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time. Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability 1 at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. Service Models: Software as a Service (SaaS). The capability provided to the consumer is to use the provider s applications running on a cloud infrastructure 2. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based ), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited userspecific application configuration settings. Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming 1 Typically this is done on a pay-per-use or charge-per-use basis. 2 A cloud infrastructure is the collection of hardware and software that enables the five essential characteristics of cloud computing. The cloud infrastructure can be viewed as containing both a physical layer and an abstraction layer. The physical layer consists of the hardware resources that are necessary to support the cloud services being provided, and typically includes server, storage and network components. The abstraction layer consists of the software deployed across the physical layer, which manifests the essential cloud characteristics. Conceptually the abstraction layer sits above the physical layer. 2

8 28 languages, libraries, services, and tools supported by the provider. 3 The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Deployment Models: Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). 3 This capability does not necessarily preclude the use of compatible programming languages, libraries, services, and tools from other sources. 3

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA 22041-3206 TRICARE MANAGEMENT ACTIVITY MEMORANDUM FOR: SEE DISTRIBUTION SUBJECT:

More information

THE DATA CENTER AS A COMPUTER

THE DATA CENTER AS A COMPUTER THE DATA CENTER AS A COMPUTER Cloud Computing November- 2013 FIB-UPC Master MEI CLOUD COMPUTING It s here to stay CONTENT 1. How do we get here? 2. What is Cloud Computing? 3. Definitons and types 4. Case

More information

Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme

Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme NIST Special Publication 800-51 Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme Recommendations of the National Institute of Standards and Technology Peter Mell Tim Grance

More information

Introduction to Cloud Computing. [thoughtsoncloud.com] 1

Introduction to Cloud Computing. [thoughtsoncloud.com] 1 Introduction to Cloud Computing [thoughtsoncloud.com] 1 Outline What is Cloud Computing? Characteristics of the Cloud Computing model Evolution of Cloud Computing Cloud Computing Architecture Cloud Services:

More information

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Cloud First Policy General Directorate of Governance and Operations Version April 2017 General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...

More information

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

CLOUD COMPUTING. Lecture 4: Introductory lecture for cloud computing. By: Latifa ALrashed. Networks and Communication Department

CLOUD COMPUTING. Lecture 4: Introductory lecture for cloud computing. By: Latifa ALrashed. Networks and Communication Department 1 CLOUD COMPUTING Networks and Communication Department Lecture 4: Introductory lecture for cloud computing By: Latifa ALrashed Outline 2 Introduction to the cloud comupting Define the concept of cloud

More information

Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results

Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results Keyun Ruan, Joe Carthy, Tahar Kechadi, Ibrahim Baggili Digital Investigation 10, No.1, pp

More information

Introduction To Cloud Computing

Introduction To Cloud Computing Introduction To Cloud Computing What is Cloud Computing? Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g.,

More information

Topics of Discussion

Topics of Discussion CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies Lecture on NIST Cloud Computing Definition, Standards & Roadmap, Security & Privacy Guidelines Spring 2013 A Specialty Course for Purdue

More information

Privacy hacking & Data Theft

Privacy hacking & Data Theft Privacy hacking & Data Theft Cloud Computing risks & the Patricia A RoweSeale CIA, CISA, CISSP, CRISC, CRMA The IIA (Barbados Chapter) Internal Audit Portfolio Director CIBC FirstCaribbean Objectives Cloud

More information

2013 AWS Worldwide Public Sector Summit Washington, D.C.

2013 AWS Worldwide Public Sector Summit Washington, D.C. Washington, D.C. How to Buy the Cloud Brett McMillen, Principal Doug VanDyke, General Manager Changing IT Acquisition Strategies Old World IT Price lock Vendor lock-in Rigid CLIN structure CapEx Budget

More information

Click to edit Master title style

Click to edit Master title style Federal Risk and Authorization Management Program Presenter Name: Peter Mell, Initial FedRAMP Program Manager FedRAMP Interagency Effort Started: October 2009 Created under the Federal Cloud Initiative

More information

Cloud Computing introduction

Cloud Computing introduction Cloud and Datacenter Networking Università degli Studi di Napoli Federico II Dipartimento di Ingegneria Elettrica e delle Tecnologie dell Informazione DIETI Laurea Magistrale in Ingegneria Informatica

More information

Guide for Assessing the Security Controls in Federal Information Systems

Guide for Assessing the Security Controls in Federal Information Systems NIST Special Publication 800-53A Guide for Assessing the Security Controls in Federal Information Systems Ron Ross Arnold Johnson Stu Katzke Patricia Toth George Rogers I N F O R M A T I O N S E C U R

More information

Clouds in the Forecast. Factors to Consider for In-House vs. Cloud-Based Systems and Services

Clouds in the Forecast. Factors to Consider for In-House vs. Cloud-Based Systems and Services Clouds in the Forecast Factors to Consider for In-House vs. Cloud-Based Systems and Services Speakers Sam Gabal Sam Gabal is a Sales Executive with Origami Risk, based in Orange County and experienced

More information

Analysis of Different Techniques Used For Fault Tolerance

Analysis of Different Techniques Used For Fault Tolerance Analysis of Different Techniques Used For Fault Tolerance Jasbir Kaur, Supriya Kinger Department of Computer Science and Engineering, SGGSWU, Fatehgarh Sahib, India, Punjab (140406) Abstract- Cloud computing

More information

Cloud Computing Concepts, Models, and Terminology

Cloud Computing Concepts, Models, and Terminology Cloud Computing Concepts, Models, and Terminology Chapter 1 Cloud Computing Advantages and Disadvantages https://www.youtube.com/watch?v=ojdnoyiqeju Topics Cloud Service Models Cloud Delivery Models and

More information

Cloud Computing and Service-Oriented Architectures

Cloud Computing and Service-Oriented Architectures Material and some slide content from: - Atif Kahn SERVICES COMPONENTS OBJECTS MODULES Cloud Computing and Service-Oriented Architectures Reid Holmes Lecture 29 - Friday March 22 2013. Cloud precursors

More information

Cloud Computing Introduction

Cloud Computing Introduction Cloud Computing Introduction Prof. Dr. Thomas M. Bohnert Prof. Dr. Marcel Graf Content Basic Concepts Motivation and Value Proposition Definition of Cloud Computing Examples and Swiss Perspective 2 Starting

More information

Chapter 4. Fundamental Concepts and Models

Chapter 4. Fundamental Concepts and Models Chapter 4. Fundamental Concepts and Models 4.1 Roles and Boundaries 4.2 Cloud Characteristics 4.3 Cloud Delivery Models 4.4 Cloud Deployment Models The upcoming sections cover introductory topic areas

More information

Copyright 2011 EMC Corporation. All rights reserved.

Copyright 2011 EMC Corporation. All rights reserved. 1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-73-3 Interfaces for Personal Identity Verification Part 3: End-Point PIV Client Application Programming Interface Ramaswamy Chandramouli David Cooper James F. Dray Hildegard

More information

Computing as a Service

Computing as a Service Cloud Computing? Dipl. Ing. Abdelnasser Abdelhadi Islamic University Gaza Department of Computer Engineering April 2010 Computing as a Service Business Processes Collaboration Industry Applications Software

More information

United States Government Cloud Standards Perspectives

United States Government Cloud Standards Perspectives United States Government Cloud Standards Perspectives in the context of the NIST initiative to collaboratively build a USG Cloud Computing Technology Roadmap NIST Mission: To promote U.S. innovation and

More information

Fundamental Concepts and Models

Fundamental Concepts and Models Fundamental Concepts and Models 1 Contents 1. Roles and Boundaries 2. Cloud Delivery Models 3. Cloud Deployment Models 2 1. Roles and Boundaries Could provider The organization that provides the cloud

More information

Multitiered Architectures & Cloud Services. Benoît Garbinato

Multitiered Architectures & Cloud Services. Benoît Garbinato Multitiered Architectures & Cloud Services Benoît Garbinato Learning objectives Learn about enterprise computing Learn about multitiered architectures Learn about Java Enterprise Services Learn about cloud

More information

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group Leveraging the Cloud for Law Enforcement Richard A. Falkenrath, PhD Principal, The Chertoff Group Law Enforcement Information Management Training Conference & Technology Exposition May 21,2013 Outline

More information

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION Cloud Computing January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION Purpose and Methodology Survey Sample Field Work December 20, 2011 January 9, 2012 Total Respondents 554 Margin of Error +/- 4.2%

More information

Energy Management with AWS

Energy Management with AWS Energy Management with AWS Kyle Hart and Nandakumar Sreenivasan Amazon Web Services August [XX], 2017 Tampa Convention Center Tampa, Florida What is Cloud? The NIST Definition Broad Network Access On-Demand

More information

International Municipal Lawyers Association 2013 Annual Conference San Francisco, California

International Municipal Lawyers Association 2013 Annual Conference San Francisco, California International Municipal Lawyers Association 2013 Annual Conference San Francisco, California Work Session XIV: Using Cloud Computing to Gain Greater Efficiency Jeff Arvidson* Director, New Product Development

More information

Cloud Computing and Service-Oriented Architectures

Cloud Computing and Service-Oriented Architectures Material and some slide content from: - Atif Kahn SERVICES COMPONENTS OBJECTS MODULES Cloud Computing and Service-Oriented Architectures Reid Holmes Lecture 20 - Tuesday November 23 2010. SOA Service-oriented

More information

1/10/2011. Topics. What is the Cloud? Cloud Computing

1/10/2011. Topics. What is the Cloud? Cloud Computing Cloud Computing Topics 1. What is the Cloud? 2. What is Cloud Computing? 3. Cloud Service Architectures 4. History of Cloud Computing 5. Advantages of Cloud Computing 6. Disadvantages of Cloud Computing

More information

Chapter. Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

Chapter. Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: Chapter 6 Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: 1.3 Explain network design elements and components. Virtualization Cloud computing: Platform as

More information

Auditing the Cloud. Paul Engle CISA, CIA

Auditing the Cloud. Paul Engle CISA, CIA Auditing the Cloud Paul Engle CISA, CIA About the Speaker Paul Engle CISA, CIA o Fifteen years performing internal audit, IT internal audit, and consulting projects o Internal audit clients include ADP,

More information

Compliance with NIST

Compliance with NIST Compliance with NIST 800-171 1 What is NIST? 2 Do I Need to Comply? Agenda 3 What Are the Requirements? 4 How Can I Determine If I Am Compliant? 5 Corserva s NIST Assessments What is NIST? NIST (National

More information

Programowanie w chmurze na platformie Java EE Wykład 1 - dr inż. Piotr Zając

Programowanie w chmurze na platformie Java EE Wykład 1 - dr inż. Piotr Zając Programowanie w chmurze na platformie Java EE Wykład 1 - dr inż. Piotr Zając Cloud computing definition Cloud computing is a model for enabling ubiquitous, convenient, ondemand network access to a shared

More information

In this unit we are going to look at cloud computing. Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing,

In this unit we are going to look at cloud computing. Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing, In this unit we are going to look at cloud computing. Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing, where shared resources, data and information are provided

More information

National Policy and Guiding Principles

National Policy and Guiding Principles National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework

More information

A guide for IT professionals. implementing the hybrid cloud

A guide for IT professionals. implementing the hybrid cloud A guide for IT professionals implementing the hybrid cloud A guide for IT professionals implementing the hybrid cloud Cloud technology is maturing and advancing rapidly. And for schools today, hybrid cloud

More information

Cloud Readiness Toolkit Overview

Cloud Readiness Toolkit Overview Public Disclosure Authorized Public Disclosure Authorized Cloud Readiness Toolkit Overview Public Disclosure Authorized June 2016 Public Disclosure Authorized Table of Contents Disclaimer... 3 Introduction...

More information

The Customizeable Shake Function (Cshake)

The Customizeable Shake Function (Cshake) NIST Special Publication 800-XXX The Customizeable Shake Function (Cshake) John Kelsey Computer Security Division Information Technology Laboratory http://dx.doi.org/10.6028/nist.sp.xxx Month and Year

More information

Cloud Computing, SaaS and Outsourcing

Cloud Computing, SaaS and Outsourcing Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud

More information

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson

Cloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson Presentation to AGA April 20, 2017 Mike Teller Steve Wilson Agenda: What is cloud computing? What are the potential benefits of cloud computing? What are some of the important issues agencies need to consider

More information

Simulation of Cloud Computing Environments with CloudSim

Simulation of Cloud Computing Environments with CloudSim Simulation of Cloud Computing Environments with CloudSim Print ISSN: 1312-2622; Online ISSN: 2367-5357 DOI: 10.1515/itc-2016-0001 Key Words: Cloud computing; datacenter; simulation; resource management.

More information

ECE Enterprise Storage Architecture. Fall ~* CLOUD *~. Tyler Bletsch Duke University

ECE Enterprise Storage Architecture. Fall ~* CLOUD *~. Tyler Bletsch Duke University ECE590-03 Enterprise Storage Architecture Fall 2017.~* CLOUD *~. Tyler Bletsch Duke University Includes material adapted from the course Information Storage and Management v2 (module 13), published by

More information

CHEM-E Process Automation and Information Systems: Applications

CHEM-E Process Automation and Information Systems: Applications CHEM-E7205 - Process Automation and Information Systems: Applications Cloud computing Jukka Kortela Contents What is Cloud Computing? Overview of Cloud Computing Comparison of Cloud Deployment Models Comparison

More information

Cloud Computing: Concepts, Architecture and Applied Research Yingjie Wang1-2,a

Cloud Computing: Concepts, Architecture and Applied Research Yingjie Wang1-2,a 4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering (ICMMCCE 2015) Cloud Computing: Concepts, Architecture and Applied Research Yingjie Wang1-2,a 1 College of Information

More information

PIV Data Model Test Guidelines

PIV Data Model Test Guidelines This publication is available free of charge from http://csrc.nist.gov/publications/ Draft NIST Special Publication 800-85B-4 PIV Data Model Test Guidelines Ramaswamy Chandramouli Hildegard Ferraiolo Ketan

More information

Why the cloud matters?

Why the cloud matters? Why the cloud matters? Speed and Business Impact Expertise and Performance Cost Reduction Trend Micro Datacenter & Cloud Security Vision Enable enterprises to use private and public cloud computing with

More information

Building Trust in the Era of Cloud Computing

Building Trust in the Era of Cloud Computing Building Trust in the Era of Cloud Computing ICMC 2017 Conference May 17, 2017 v1.0 David Gerendas Group Product Manager TRUST A FIRM belief in the! Reliability! Truth! Ability of someone or something.

More information

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect.

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect. CLOUD COMPUTING Rajesh Kumar DevOps Architect @RajeshKumarIN www.rajeshkumar.xyz www.scmgalaxy.com 1 Session Objectives This session will help you to: Introduction to Cloud Computing Cloud Computing Architecture

More information

Analysis of Cloud Computing Delivery Architecture Models

Analysis of Cloud Computing Delivery Architecture Models 2011 Workshops of International Conference on Advanced Information Networking and Applications Analysis of Computing Delivery Architecture Models Irena Bojanova Graduate School of Management and Technology

More information

Ellie Bushhousen, Health Science Center Libraries, University of Florida, Gainesville, Florida

Ellie Bushhousen, Health Science Center Libraries, University of Florida, Gainesville, Florida Cloud Computing Ellie Bushhousen, Health Science Center Libraries, University of Florida, Gainesville, Florida In the virtual services era the term cloud computing has worked its way into the lexicon.

More information

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013

Future Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013 Future Shifts in Enterprise Architecture Evolution IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013 Agenda Terminology & Definitions Evolution to Cloud Cloud Adoption Appendix 2013

More information

Guidance for Exchange and Medicaid Information Technology (IT) Systems

Guidance for Exchange and Medicaid Information Technology (IT) Systems Department of Health and Human Services Office of Consumer Information and Insurance Oversight Centers for Medicare & Medicaid Services Guidance for Exchange and Medicaid Information Technology (IT) Systems

More information

Architectural Implications of Cloud Computing

Architectural Implications of Cloud Computing Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,

More information

BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, ORGANIZATION, AND PROCUREMENT.

BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, ORGANIZATION, AND PROCUREMENT. STATEMENT OF VIVEK KUNDRA FEDERAL CHIEF INFORMATION OFFICER, ADMINISTRATOR FOR ELECTRONIC GOVERNMENT AND INFORMATION TECHNOLOGY OFFICE OF MANAGEMENT AND BUDGET BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND

More information

Cloud Computing Strategy in Sudan

Cloud Computing Strategy in Sudan Cloud Computing Strategy in Sudan Yousif Eltahir Sharaf Eldin Ahmed Sudan Academic of Science, Governmental University for Post Graduate Studies, P.O.Box 86, Khartoum Sudan Abstract: Cloud Computing is

More information

White Paper: Cloud Computing Characteristics Are Key. Christopher Olive Chief Architect GP Strategies Corporation

White Paper: Cloud Computing Characteristics Are Key. Christopher Olive Chief Architect GP Strategies Corporation White Paper: Cloud Computing Characteristics Are Key by Christopher Olive Chief Architect GP Strategies Corporation What is cloud computing? Cloud computing remains the buzzword winner of the current technology

More information

Demystifying the Cloud With a Look at Hybrid Hosting and OpenStack

Demystifying the Cloud With a Look at Hybrid Hosting and OpenStack Demystifying the Cloud With a Look at Hybrid Hosting and OpenStack Robert Collazo Systems Engineer Rackspace Hosting The Rackspace Vision Agenda Truly a New Era of Computing 70 s 80 s Mainframe Era 90

More information

White Paper Impact of DoD Cloud Strategy and FedRAMP on CSP, Government Agencies and Integrators.

White Paper Impact of DoD Cloud Strategy and FedRAMP on CSP, Government Agencies and Integrators. White Paper Impact of DoD Cloud Strategy and FedRAMP on CSP, Government Agencies and Integrators. www.spirentfederal.com Table of Contents 1.0 DOD CLOUD STRATEGY IMPACT.............................................................

More information

Analytics in the Cloud Mandate or Option?

Analytics in the Cloud Mandate or Option? Analytics in the Cloud Mandate or Option? Rick Lower Sr. Director of Analytics Alliances Teradata 1 The SAS & Teradata Partnership Overview Partnership began in 2007 to improving analytic performance Teradata

More information

itsmf Annual Conference 2012

itsmf Annual Conference 2012 itsmf Annual Conference 2012 Applying ITIL to Cloud Computing Mr. HP Suen Director itsmf International Executive Board Agenda Definition of Cloud Computing On-demand self service Pool of resources Pre-production

More information

Introduction to Cloud Computing

Introduction to Cloud Computing Introduction to Cloud Computing Nabil Abdennadher nabil.abdennadher@hesge.ch 2017/2018 1 Plan Context Definition Market Cloud service models Cloud deployments models Key drivers to adopting the Cloud Barriers

More information

CLOUD COMPUTING-ISSUES AND CHALLENGES

CLOUD COMPUTING-ISSUES AND CHALLENGES CLOUD COMPUTING-ISSUES AND CHALLENGES Asstt. Prof.Vandana S.D.S.P.Memorial College for Women, Rayya (India) ABSTRACT Cloud computing is a multifaceted technological paradigm that is outgrowth of decades

More information

Assessing Security Requirements for Controlled Unclassified Information

Assessing Security Requirements for Controlled Unclassified Information Draft NIST Special Publication 800-171A Assessing Security Requirements for Controlled Unclassified Information RON ROSS KELLEY DEMPSEY VICTORIA PILLITTERI This publication contains procedures to assess

More information

Conceptual Information of Cloud Computing & Migration with Its Security Approaches Renuka Bareth 1 Rakesh Patel 2 Meenu Rani Dey 3

Conceptual Information of Cloud Computing & Migration with Its Security Approaches Renuka Bareth 1 Rakesh Patel 2 Meenu Rani Dey 3 IJSRD - International Journal for Scientific Research & Development Vol. 2, Issue 10, 2014 ISSN (online): 2321-0613 Conceptual Information of Cloud Computing & Migration with Its Security Approaches Renuka

More information

Large Scale Computing Infrastructures

Large Scale Computing Infrastructures GC3: Grid Computing Competence Center Large Scale Computing Infrastructures Lecture 2: Cloud technologies Sergio Maffioletti GC3: Grid Computing Competence Center, University

More information

NISTIR XXXX. Framework for Cloud Usability. Brian Stanton Mary Theofanos Karuna P Joshi. Information Access Division Information Technology Laboratory

NISTIR XXXX. Framework for Cloud Usability. Brian Stanton Mary Theofanos Karuna P Joshi. Information Access Division Information Technology Laboratory NISTIR XXXX Framework for Cloud Usability Brian Stanton Mary Theofanos Karuna P Joshi Information Access Division Information Technology Laboratory August 2014 NISTIR XXXX Page 1 08/16/2014 NISTIR XXXX

More information

The Cloud and Big Data. Christopher L Poelker VP Enterprise Solutions FalconStor Software

The Cloud and Big Data. Christopher L Poelker VP Enterprise Solutions FalconStor Software The Cloud and Big Data Christopher L Poelker VP Enterprise Solutions FalconStor Software US Cloud Commission Commission on the Leadership Opportunity in U.S. Deployment of the Cloud (CLOUD 2 ) Full Report

More information

Rijndael Encryption Technique for User Authentication in Cloud Computing

Rijndael Encryption Technique for User Authentication in Cloud Computing Rijndael Encryption Technique for User Authentication in Cloud Computing 1 Firkhan Ali Bin Hamid Ali and 2 Md Yazid Mohd Saman 1 Fakulti Teknologi Maklumat & Multimedia, Universiti Tun Hussein Onn Malaysia.

More information

Recent Case Study on Cloud Computing and Cloud Deployment Strategies

Recent Case Study on Cloud Computing and Cloud Deployment Strategies Recent Case Study on Cloud Computing and Cloud Deployment Strategies S. Sindhu Assistant Professor, Department of Computer Applications, K.S.Rangasamy College of Arts and Science, Thiruchengode, India

More information

Compliance with NIST Standards and Guidelines

Compliance with NIST Standards and Guidelines NIST Special Publication 800-53 Revision 32 Recommended Security Controls for Federal Information Systems and Organizations Ron Ross Stu Katzke Arnold Johnson Marianne Swanson Gary Stoneburner George Rogers

More information

Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud

Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud Ezz El-Din Hemdan 1, Manjaiah D.H 2 Research Scholar, Department of Computer Science, Mangalore University,

More information

Angela McKay Director, Government Security Policy and Strategy Microsoft

Angela McKay Director, Government Security Policy and Strategy Microsoft Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au

More information

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization

Cloud Computing: The Next Wave. Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization Cloud Computing: The Next Wave Matt Jonson Connected Architectures Lead Cisco Systems US and Canada Partner Organization The Starting Point For Me www.af.mil www.af.mil Source: www.cartoonstock.com 2 Possibilities

More information

ISACA Phoenix Chapter Meeting

ISACA Phoenix Chapter Meeting The Cloud inexpensive, rapid deployment, and a governance issue? a presentation for the ISACA Phoenix Chapter Meeting Scottsdale, Arizona 14 May 2015 Hoyt L Kesterson II Terra Verde I ve looked at clouds

More information

Views on the Framework for Improving Critical Infrastructure Cybersecurity

Views on the Framework for Improving Critical Infrastructure Cybersecurity This document is scheduled to be published in the Federal Register on 12/11/2015 and available online at http://federalregister.gov/a/2015-31217, and on FDsys.gov Billing Code: 3510-13 DEPARTMENT OF COMMERCE

More information

Cloud Computing and Its Impact on Software Licensing

Cloud Computing and Its Impact on Software Licensing Cloud Computing and Its Impact on Software Licensing By Gretchen Kwashnik & Jim Cecil January 25, 2012 What is Cloud Computing? Cloud computing is a model for enabling: on-demand network access to a shared

More information

McAfee Product Entitlement Definitions

McAfee Product Entitlement Definitions McAfee Product Entitlement Definitions Corporate Headquarters 2821 Mission College Blvd. Santa Clara, CA 95054 USA Application Server CPU CPU Core Database Database Instance Entity File Submission Daily

More information

How Credit Unions Are Taking Advantage of the Cloud

How Credit Unions Are Taking Advantage of the Cloud 2013 CliftonLarsonAllen LLP How Credit Unions Are Taking Advantage of the Cloud CUNA Technology Council Conference September 2013 CLAconnect.com Randy Romes, CISSP, CRISC, MCP, PCI-QSA Principal, Information

More information

Cloud Deployment Scenarios

Cloud Deployment Scenarios Cloud Deployment Scenarios Preface List the four major cloud deployment types Describe the features of private, public, hybrid, and community clouds List some additional cloud deployment types Select the

More information

Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012

Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012 Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012 Today s Presenters Lesley Berkeyheiser, SPWG co-chair, moderator Lola Jordan, President, Companion Data Services Susan

More information

How to avoid storms in the cloud. The Australian experience and global trends

How to avoid storms in the cloud. The Australian experience and global trends How to avoid storms in the cloud The Australian experience and global trends Discussion Topics 1. Understanding Cloud and Benefits 2. KPMG research The Australian Experience and Global Trends 3. Considerations

More information

ENERGY EFFICIENT VIRTUAL MACHINE INTEGRATION IN CLOUD COMPUTING

ENERGY EFFICIENT VIRTUAL MACHINE INTEGRATION IN CLOUD COMPUTING ENERGY EFFICIENT VIRTUAL MACHINE INTEGRATION IN CLOUD COMPUTING Mrs. Shweta Agarwal Assistant Professor, Dept. of MCA St. Aloysius Institute of Technology, Jabalpur(India) ABSTRACT In the present study,

More information

Information Security Continuous Monitoring (ISCM) Program Evaluation

Information Security Continuous Monitoring (ISCM) Program Evaluation Information Security Continuous Monitoring (ISCM) Program Evaluation Cybersecurity Assurance Branch Federal Network Resilience Division Chad J. Baer FNR Program Manager Chief Operational Assurance Agenda

More information

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP) Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP) May 16, 2016 Speakers Ron Moser, Managing Director, Moserhaus Consulting, LLC and Sr. Consultant,

More information

Reviewing Nist Cloud Computing Definition

Reviewing Nist Cloud Computing Definition Reviewing Nist Cloud Computing Definition Danko Naydenov Eurorisk Systems Ltd. 31, General Kiselov Str., 9002 Varna, Bulgaria Е-mail: sky аt eurorisksystems dot com Abstract: The main goal of this paper

More information

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments White Paper The Emerging Role of a CDN in Facilitating Secure Cloud Deployments Sponsored by: Fastly Robert Ayoub August 2017 IDC OPINION The ongoing adoption of cloud services and the desire for anytime,

More information

In 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.

In 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets. REPORT FOR ACTION IT Infrastructure and IT Asset Management Review: Phase 1: Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management Date: January

More information

Cloud Computing Definitions and Audits

Cloud Computing Definitions and Audits 2014 CliftonLarsonAllen LLP Cloud Computing Definitions and Audits IIA Florida West Coast Chapter February 28, 2014 CLAconnect.com Overview What is the cloud? Benefits Risks Things to Think About Resources

More information

Cloud Computing Introduction & Offerings from IBM

Cloud Computing Introduction & Offerings from IBM Cloud Computing Introduction & Offerings from IBM Gytis Račiukaitis IT Architect, IBM Global Business Services Agenda What is cloud computing? Benefits Risks & Issues Thinking about moving into the cloud?

More information

Cloud Computing Overview. The Business and Technology Impact. October 2013

Cloud Computing Overview. The Business and Technology Impact. October 2013 Cloud Computing Overview The Business and Technology Impact October 2013 Cloud Computing offers new types of IT services and models On-demand self-service Rapid elasticity Pay per use Increase Agility

More information

Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY

Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY Department of Veterans Affairs VA DIRECTIVE 6502.3 Washington, DC 20420 Transmittal Sheet WEB PAGE PRIVACY POLICY 1. REASON FOR ISSUE: To establish policy for the Department of Veterans Affairs (VA) for

More information

CLOUD COMPUTING ABSTRACT

CLOUD COMPUTING ABSTRACT Ruchi Saraf CSE-VII Sem CLOUD COMPUTING By: Shivali Agrawal CSE-VII Sem ABSTRACT Cloud computing is the convergence and evolution of several concepts from virtualization, distributed application design,

More information

An Overview of ISO/IEC family of Information Security Management System Standards

An Overview of ISO/IEC family of Information Security Management System Standards What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information

More information

SEEM3450 Engineering Innovation and Entrepreneurship

SEEM3450 Engineering Innovation and Entrepreneurship SEEM3450 Engineering Innovation and Entrepreneurship Cloud Computing Guest Lecture Gabriel Fung, Ph.D. 2017-10-26 What is Cloud Computing? According to NIST (National Institute of Standards and Technology)

More information

Community Clouds And why you should care about them

Community Clouds And why you should care about them Community Clouds And why you should care about them Matt Johnson, Ed Zedlewski, Eduserv Introduction What is Cloud Computing? National Institute of Standards & Technology (NIST) a model for enabling convenient,

More information

Connected & Automated Vehicle Activities

Connected & Automated Vehicle Activities MDOT State Highway Administration Connected & Automated Vehicle Activities National Rural ITS Conference October 2018 MDOT s CAV Working Group MDOT s CAV Working Group Open discussions on CAV with TBUs,

More information